CVE-2023-42830: Buffer Overflow
Published Mar 27, 2023
·Updated
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
Credit
Adam M., Csaba Fitzl@@theevilbit(Offensive Security), Mohamed GHANNAM@@_simo36, Mohamed GHANNAM, Mohamed Ghannam@@_simo36, Mickey Jin@@patch1t, Rıza Sabuncu@@rizasabuncu, Yiğit Can YILMAZ@@yilmazcanyigit, Itay Iellin(General Motors Product Cyber Security), Etienne Charron(Renault), Khadim Dieng(Renault), JeongOhKyea, Jianjun Dai(360 Vulnerability Research Institute), Guang Gong(360 Vulnerability Research Institute), Tingting Yin(Tsinghua University), Ye Zhang@@VAR10CK(Baidu Security), an anonymous researcher, Jubaer Alnazi(TRS Group of Companies), ryuzaki, Meysam Firouzi@@R00tkitSMM(Mbition Mercedes), jzhu(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Pan ZhenPeng(STAR Labs SG Pte), Zechao Cai@@Zech4o(Zhejiang University), Adam Doupé(ASU SEFCOM), sqrtpwn, Félix Poulin-Bélanger, David Pan Ogea, an anonymous researcher(Red Canary), Brandon Dalton@@partyD0lphin(Red Canary), Milan Tenk(F), (F), Arthur Valiev(F), Zweig(Kunlun Lab), Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College Of Technology Bhopal), Zhuowei Zhang, developStorm, Anton Spivak, Jubaer Alnazi Jabin(TRS Group Of Companies), (Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Xin Huang@@11iaxH, Gertjan Franken(imec), KU Leuven, hazbinhotel(Trend Micro Zero Day Initiative), Hyeon Park@@tree_segment(Team ApplePIE), Georgy Kucherin@@kucher1n(Kaspersky), Leonid Bezvershenko@@bzvr_(Kaspersky), Boris Larin@@oct0xor(Kaspersky), (Kaspersky), Valentin Pashkov(Kaspersky), Anonymous(Trend Micro Zero Day Initiative), Dohyun Lee@@l33d0hyun(SSD Labs), crixer@@pwning_me(SSD Labs), ABC Research s.r.o., Wojciech Reguła@@_r3ggi(SecuRing), Chan Shue Long(Offensive Security), (Offensive Security), Junoh Lee at Theori, CVE-2022-43551, CVE-2022-43552, Aleksandar Nikolic(Cisco Talos), Mikko Kenttälä )@@Turmio_(SensorFu), Joshua Jones, Murray Mike, Arsenii Kostromin (0x3c3e), Xinru Chi(Pangu Lab), Ned Williamson(Google Project Zero), Khiem Tran, Mickey Jin@@patch1t(FFRI Security Inc), Koh M. Nakagawa(FFRI Security Inc), Masahiro Kawada@@kawakatz(GMO Cybersecurity by Ierae), Guilherme Rambo(Best Buddy Apps), CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512
Affected Software
6 affected componentsFixes available
macOS Ventura<13.3
13.3
Apple iOS and iPadOS<16.4
16.4
Apple iOS, iPadOS, and macOS<16.4
16.4
Apple iOS, iPadOS, and macOS<16.4
iPhone OS<16.4
macOS<13.3
Event History
Mar 27, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Jan 10, 2024
CVE Published
via MITRE·10:03 PM
Data Sourced
via MITRE·10:03 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is CVE-2023-42830?
CVE-2023-42830 is a vulnerability in the App Store that allows for a privacy issue to be addressed with improved private data redaction for log entries.
2
Which software versions are affected by CVE-2023-42830?
The affected software versions are Apple iOS up to but not including version 16.4, and Apple iPadOS up to but not including version 16.4.
3
How can I fix CVE-2023-42830?
To fix CVE-2023-42830, you need to update your Apple iOS or Apple iPadOS to version 16.4 or later.
4
Where can I find more information about CVE-2023-42830?
You can find more information about CVE-2023-42830 on the official Apple support page: https://support.apple.com/en-us/HT213676